Always wondered how to implement BranchCache, or what’s involved in a VDI infrastructure? Then book on this one-off weekend Masterclass special. Places are limited, and we will be covering the topics YOU want to know more about. Drop in with your questions for MVP Chris Rhodes to answer on topics surrounding Windows Server 2012. Demos and guidance from veteran MCT Chris Rhodes at the picturesque York University Ron Cooke Hub by the lake. September 21-22. Call 01904 325154 or email Andrew.Bettany@York.ac.uk for more info on how to take advantage of this limited offer.

History

Allow me to start by telling you a story. A long while ago, I did some work for a travel agency. The project I was involved in was a desktop upgrade, rolling out NT 4.0 Workstation across the company. This included the computers in the agency retail outlets used to help sell flights and holidays. The company needed to limit the applications that were allowed to run on the computers, as it hardly looked professional if a customer entered the shop to see an assistant playing Solitaire! Back in those days, we used Poledit.exe to customise what users could see and do on the desktop. So much has changed since then.

In more recent times, such as with Windows XP, Group Policy incorporated newer settings for administrators to manage desktops, and this included Software Restriction Policies (SRPs). SRPs allowed administrators to limit which applications users could run, based on rules such as path, and certificate publisher.

Today

With Windows 7 and Windows 8 Enterprise editions, administrators can now leverage a more modern set of tools via the AppLocker feature in Group Policy. AppLocker settings can be found in the area shown in figure 1.

Figure 1. AppLocker settings in Group Policy.

You can configure the following types of rules in AppLocker:

· Executable rules – rules that point to a folder containing executables, or a specific executable.

· Windows Installer Rules – rules which control which programs can be installed in the first place, rather than limit them running afterwards.

· Script Rules – increasingly, administrators use scripts like PowerShell scripts to manage desktops. The behaviour of scripts can now be controlled.

· Packaged App Rules – the newest to the collection. This is for Windows 8 apps, otherwise known as side-loaded apps. You can find out more about side-loading in the Windows 8 Jump Start video collection.

Why use AppLocker?

One of the benefits for administrators is that AppLocker allows very customisable rules that allow/disallow applications, scripts and installers, and not just system-wide like SRPs used to do, but per user or per group as well. This gives a level of granularity that simplifies management and reduces the number of Group Policies that need to be deployed across an organisation.

Administrators should be interested in this feature to ensure security and licencing compliance needs are met, and to help reduce the TCO in managing applications that users might otherwise download and install.

How Does It Work?

Firstly, an administrator will create/edit a Group Policy Object such as the one you’ve seen above. Based on the business needs, rules are created to permit/deny some applications/scripts/installers to run for different users or groups. In figure 2, I’ve created an executable rule by first creating the default rules that allow users to run all programs from the ‘Program Files’ and ‘Windows’ folders, and administrators to run all applications from all folders. I’ve then created a rule that specifically denies notepad.exe using a hash rule, meaning that even if the file is moved or renamed, the rule will still control access to that application. It’s also important to remember to configure rule enforcement, as by default no action is taken.

Figure 2. Executable rules configured in AppLocker in Group Policy.

Once the policy applies to a Windows 7 or Windows 8 domain-joined computer, the Application Identity service will use the deployed information whenever a request to launch an application takes place.
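To confirm on a client that the policy described above has actually arrived and is being evaluated, the following PowerShell check can be used. It is an added example, not part of the original post; it assumes the GPO from figure 2 has applied to the machine, and the file name renamed-editor.exe is constructed for the test.

```powershell
# Added example: run on a Windows 7/8 Enterprise client after the GPO has applied.
Import-Module AppLocker

# 1. Rules are only evaluated while the Application Identity service is running.
$svc = Get-Service -Name AppIDSvc
"Application Identity service: {0}" -f $svc.Status

# 2. Show the enforcement mode of each rule collection in the effective policy.
[xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
$collections = @($policyXml.AppLockerPolicy.RuleCollection | Where-Object { $_ })
foreach ($collection in $collections) {
    $ruleCount = @($collection.ChildNodes |
        Where-Object { $_.NodeType -eq 'Element' }).Count
    "{0,-10} {1,-14} {2} rule(s)" -f $collection.Type,
        $collection.EnforcementMode, $ruleCount
}

# 3. Evaluate notepad.exe and a renamed copy against the effective policy.
#    A hash rule identifies the file by content, so path and name do not matter.
$original = Join-Path $env:SystemRoot 'System32\notepad.exe'
$renamed  = Join-Path $env:TEMP 'renamed-editor.exe'   # constructed file name
Copy-Item -Path $original -Destination $renamed -Force
try {
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $original, $renamed -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}
finally {
    # Clean up the temporary copy whether or not the test succeeded.
    Remove-Item -Path $renamed -Force
}
```

In the table, compare the MatchingRule column for the two paths: if the hash rule is in effect, both rows name the same deny rule even though the copy has a different name and location.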

Summary

The desktop administrator today has more options than ever before to control Windows operating systems. When used in an Active Directory environment, Windows 7 and Windows 8 can be robustly managed to help ensure licencing compliance and security on the desktop with AppLocker.

For more information on AppLocker and Group Policy, visit the Springboard website.

The kind folks at TechNet are giving away, not just a show ticket, but a fully funded flights an’ all trip to TechEd Europe. That’s a pretty good offer. Normal entrance price alone for the conference is €2000.

It’s pretty easy to enter. All you need to do is to download/trial one or more of the following technologies:

Windows Server 2012

System Center 2012 SP1

Windows Azure

Then write a review and submit it. Simples. There is a golden ticket up for grabs for each technology, so you have 3 chances to win! Or you could win a runner up prize of a shiny new Windows Phone.

Well, as operating systems go, it was a good one. It had a great life, and everyone loved it. Heck, I still have a hard time convincing people to get off it. The cold hard fact of the matter is that as of April 9th 2013 (i.e. it’s already too late!) Windows 7 is no longer supported.

Hey, wait a minute – did he say Windows 7??

Yes. OK, let me be a little more specific, Windows 7 RTM – i.e. those systems without SP1. As per lifecycle policy, and therefore it should come as no surprise, support has now ended.

Don’t panic!

All is well, you good people, (as I’m sure you are), as you will have been good boys and girls and of course installed SP1 ages ago, so all is well. That’s if you are not already using Windows 8 of course. In fact, Windows 7 has many good years of life left in it yet, until 2015 for mainstream support, and until 2020 for extended support. Phew!

But the passing of this date does draw into focus a slightly more worrying deadline that I fear many are going to fall foul of. That being the 8th April 2014. Yes, that’s not far away, less than a year as of the time of writing. 347 days to be exact. This time I am talking of course about Windows XP. Again, this should not come as a surprise, it has been well documented for quite some time.

The thing that worries me (and I’ll stop short of saying it keeps me awake at night), is that many companies are either a) blissfully unaware – spot the deliberate pun? or b) they know this, but simply haven’t started rolling out a replacement yet. Many are in the pipeline, but if you have not yet started, please be aware, the average company takes between 12-18 months to complete a rollout of a desktop operating system from envisioning the plan to actually supporting it out in the field.

This unfortunately doesn’t give much time to get out of the situation of being unsupported. There is good news of course. There is a wealth of information and experience out there for IT Pros to tap into, and a whole bunch of tools that make deploying Windows way simpler than you think. Start by visiting the Springboard site, which is a dedicated portal for IT Professionals to make understanding these kinds of key technologies easier.

Also well worth a visit is the deployment module on the Microsoft Virtual Academy. Great for learning at your own pace the tools and techniques that are used in deploying a modern operating system. Feel free to comment with questions.

One idea for the weekend for you is to pilot a VDI solution. This allows you to deploy virtual machine based Windows clients, thus accelerating your upgrade pathway out and away from XP.

Let’s face it folks, XP had a great run for its money, and before the coffin gets laid to rest next year, it will have had 12 years of support from Microsoft, but every dog has its day. Do yourself a favour and get onto Windows 7 or Windows 8. You won’t regret it.

I get a lot of questions in my job as an MCT about recommending resources to people who want to either study for exams, or just further their understanding about new technologies. Just today a friend of mine in the US wanted to know about some resources he could use to help prepare him for his upcoming Windows 7 exam.

It got me thinking. Sometimes it’s great to go on a 5 day course (well I would say that, I teach ‘em!). Without doubt, you get unrivalled knowledge from a super qualified Microsoft approved instructor who is typically a top bod in their field on the chosen subject.

However, that doesn’t always fit for some folks due to time and monetary constraints. Let me point you folks to four (thanks @Shih_Wei for the correction!) super cool resources you may not know, and will allow you to learn in your own time, at your own pace, sat in your comfy armchair at home.

2) Springboard. For all things Windows, you just can’t beat it. There are tutorials, articles, videos, walkthroughs and much, much more. IT Pros should know this and have it bookmarked in their browser for sure. http://www.microsoft.com/springboard Check it out!

3) MVA. If you’re not already using it, go give it a visit, it’s the Microsoft Virtual Academy. Some superb content on all kinds of topics from developer content to Windows 8 and Windows Server 2012 and more. Check your stats out against your friends, your country and the world with the self-assessments on there too! You may even see some of the content I wrote too. http://www.microsoftvirtualacademy.com

I just saw this on the Microsoft Born To Learn website and had to share it.
It’s a great infographic showing where you need to start, or how you can upgrade your knowledge and certification to Windows Server 2012. Enjoy!